Recently I got a free license for BufferZone Pro. I have used its free version for some time (this was the time when the free version was as capable as Pro, but as far as I know the current free version is limited compared to Pro). I have always liked BZ, and my only complaint about it is a bit of slowdown on launch of bufferzoned applications, but that is tolerable.
It has a nice GUI (probably the best GUI of all sandboxes). Like DefenceWall it has zero pop-ups, so it might be good for users who don't like pop-ups. It has four processes running in Process Explorer, but the total memory taken by them is acceptable (all in all about 20 Mb). There is an option for confidential files too, which will be hidden from untrusted (BufferZoned) processes. Also u can mark any process as Forbidden, which will deny all access to it and will deny its execution as well.

I tried it against a few malware and my findings are as follows:

Advanced Process Terminator from DCS: I tried to kill IE (which was running outside of BZ) via APT running inside BufferZone.
APT failed to kill IE; all tests passed by BZ.
BTW the BufferZone service is itself immune to termination by any process, malware etc. APT, even running outside of BufferZone, was unable to kill the BZ service. Very hardened self-defense indeed. I have rarely seen this type of self-defense.

Martin's Undetectable Keylogger: Pass. An interesting thing is that unlike most other sandboxes and HIPS, BZ stops MUK totally, as it does not allow even the logging of Alt, Shift, Ctrl etc. keys. Very well PASS.

AKLT by FireWall tester: BZ passed first two key logging methods but failed the last one.

KeyHook by DCS: BZ Passed.

Home Key Logger and Family Key Logger (use global hooking): I installed them outside of BZ and then launched the main executable inside BZ. They were able to set a global hook (that was located outside of BZ) and logged keystrokes successfully. If I shifted the dll inside BZ and then executed the main executable inside BZ, BZ passed as no keys were logged. I am not sure whether it should be regarded as pass or fail. To me it appears as FAIL. I will see what they reply to it on their forums.

Zilla (Browsezilla) trojan/worm: PASS. It was able to copy its executable in C:\ but all executables were inside BZ and if executed they will crash. PASS

GlobalHook (keylogger behavior): I used Y'z Shadow, which uses a global hook (a legitimate hook, but a similar hook can be used by malware). It failed to set the global hook. PASS

I am not sure, but BZ's behavior regarding global hooks seems inconsistent. It blocks the global hook by YzShadow.exe but allows global hooks by HomeKeylogger and FamilyKeyLogger. There was nothing wrong in my testing; probably it's something wrong in BZ's behavior, and I will have to wait for their reply in this regard.

BlackDay Trojan (It's a very nasty trojan. It overwrites a lot of the executables on ur different HD partitions, converting them into its copies. Not only do u get a lot of malware executables but u also lose all the executables overwritten by the trojan. One important thing is that it does not remain limited to the C partition but jumps to other partitions as well, so if u are covering ur C partition with some Instant Recovery Software like FDISR, Returnil or PowerShadow etc., it might not help u, as the trojan will infect ur non-OS partitions as well):
BZ passed here. All copies of the trojan were isolated inside BufferZone and it was not able to overwrite any executables. The only problem I noted was that on attempted termination through BZ, I was not able to terminate the BlackDay trojan process (maybe some problem just on my system).

DFK Threat Simulator: Passed. Although I got the message that u have been owned, I think all of DFK Threat Simulator's activity was inside BufferZone. I was not able to terminate Win32.exe though (as challenged by DFK Threat Simulator), but I checked and it was in fact running inside BufferZone. So on reboot everything should have been fine, but I was not able to verify as I did all this testing in ShadowMode and would have lost everything on reboot. I will say it is a Pass. Being unable to terminate win32.exe seems a bug of BZ, just like with the BlackDay trojan above.

RegTest (1 and 2) by Ghost Security: Pass. It was unable to reboot the system, though I was not able to reboot manually to confirm it (due to ShadowMode).

W32/Virut.P trojan (it was the trojan one user got from an infected torrent (a crack), and it messed with the FDISR service and infected the other snapshot of FDISR as well. When I tried it, it was not even detected by many AVs on Virus Total. On my system it killed my AV Antivir. I tested it with Antivir's guard off, as it was detected by Antivir). BZ passed, as the trojan was not able to mess with Antivir and other processes (grossly).

Brontok worm: It makes a lot of copies of itself. BZ passed. All copies of the worm were isolated inside BZ.

In order to check the malware cleaning capability of BZ, I installed an IE spyware toolbar inside BufferZone. It was installed OK inside the BufferZoned IE. When I launched IE outside BufferZone, there was no toolbar. On launching IE inside BZ, the toolbar was there. I then emptied BufferZone, removing all BZoned registry and files. Launched IE inside BZ and the spyware toolbar was gone. Same results with a legitimate toolbar (Google Toolbar). PASS

SDT Unhooker malware (called RKIT/Agent.EZ by Antivir): Once executed it unhooks all HIPS SSDT hooks, making them blind. BZ passed.

BZ failed as prueba was able to make its copy outside of BufferZone in the ProgramFiles> Config32 folder. (BTW CH failed against it but beta1 of ThreatFire stops this trojan.)

KillDisk virus: not tested as I have no VM. Anyone please?

Results are quite good in my opinion. Only failures are against some keyloggers and Prueba.

I will make a thread over on their forums. Let's see what their response is.
Now I wonder why BZ is not so popular. It seems quite strong and I was able to run it along with Antivir, EQSecure, GeSWall, ThreatFire, and ShadowSurfer without any conflicts. That shows a lot of compatibility in my opinion.

Note: during this testing there was a minor problem with the BZ install (due to my system, not due to BufferZone). I uninstalled BZ, then when I tried to reinstall, I did not find the key (I could not re-retrieve it from my e-mail as I had no internet at that time), so I just did a system restore that brought BZ's installation back, though some of its functions/options were disabled (making it more like a free version). I don't however think that the results are affected by this in any way.
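
An added example, not part of the original post: results such as the Prueba copy landing outside BufferZone, or BlackDay overwriting executables on other partitions, can be checked by hashing executables outside the sandbox before and after a test run and comparing the two snapshots. The extension list, the function names and the temp-directory sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed list of executable-type extensions worth tracking.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}

def snapshot(roots):
    """Map each executable-type file under the given roots to its SHA-256."""
    result = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        result[path] = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    result[path] = None  # locked or access denied
    return result

def diff(before, after):
    """Classify changes between two snapshots taken outside the sandbox."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    # Several changed paths sharing one hash: files replaced by copies of one binary.
    by_hash = {}
    for p in added + modified:
        if after[p] is not None:
            by_hash.setdefault(after[p], []).append(p)
    clones = [sorted(ps) for ps in by_hash.values() if len(ps) > 1]
    return {"added": added, "removed": removed, "modified": modified, "clones": clones}

def demo():
    """Constructed data: two temp dirs stand in for an OS and a data partition."""
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "tool.exe")
        with open(tool, "wb") as fh:
            fh.write(b"original tool")
        before = snapshot([c, d])
        # Simulated leak: tool.exe overwritten, identical new file on the other root.
        dropped = os.path.join(c, "dropped.exe")
        for p in (tool, dropped):
            with open(p, "wb") as fh:
                fh.write(b"same bytes")
        return diff(before, snapshot([c, d])), tool, dropped
```

On a test machine the roots passed to `snapshot` would be every partition outside the sandbox, so that writes to non-OS drives show up as well.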

re: why it's not more popular, it's because it takes up more CPU usage than the likes of Sandboxie, and I think a lot of people see lots of fluff compared to Sandboxie for the same purpose. Maybe I'm wrong.

But also Sandboxie is free. BufferZone has a free version too but I think it's limited in some way.

Thanks for the tests aigle!
The Blackday trojan is one of the few malware types that I am truly afraid of. Limited user or FDISR won't help against it. To make images of all my hard drives/partitions would require a really big backup drive, at least until I figure out why my SP won't compress.
Maybe it is an old malware but I didn't know they were out there; I have been expecting one though. I know I am a bit ignorant about this, maybe I have put my head in the sand before, but I have not read about such malware for years. Is it, or malware like it which spreads to other drives, common?

Maybe I have to install Returnil, ShadowDefender or PowerShadow to protect my other partitions and drives after all.... Drat! Now that I moved on to a lighter security setup and was very happy with it

I use the EQS file protection feature (very strong indeed). NG will cover it also, due to its filter for "stopping an executable from making copy of itself". ThreatFire/CH will protect too, I think. Any sandbox like BZ, GW, SBIE will protect as well.
Otherwise separate ur data from the OS (two partitions), image the OS partition and make a backup of the data, and put them offline.
I can't think of any other ways ATM.

Well, I think I may answer your question of why BZ is not so popular. The point is that SBIE is the same sandbox type of software (with file system virtualization), much smaller, and almost free. As for simplicity, policy-based sandboxes without file system virtualization are out of competition.

Also, there is one more point here. It is interesting, but one-wizard-man projects get more sympathy (from my own experience). Don't know why, I may only guess...

I also tried BZ Pro with the free licence... However it still has issues; AdMuncher and Roboform are not compatible... Sandboxie on the other hand works perfectly here and in my mind it's an absolute winner!

Thanks for the test drive, Aigle. I never doubted the fact that BZ gives good protection, but every time I tried it, it used way too many resources and it was very sluggish. Just like the new SafeSpace, which is similar. Sandboxie is like 10x better. And are you sure you could run it with all these tools without system slowdown? On my virtual machine it's even sluggish without any other tools installed.

Equal results here. Some time ago I really was encouraged with BZ and actually tried to live with the limitation of it slowing browsing, but that became a real issue for a speedster like myself.

I'm sure it's developed far beyond and is better now than when I tried it before.

Likewise, thanks for the test results, impressive. Like others I've settled into Sandboxie for the time being but am not deterred from BufferZone in any way, especially by results like those.

Hi Rasheed187

Completely the opposite here with BufferZone. No apparent slowdown and the resource numbers seem ridiculously low. I'll post them when on the machine in question.

As the others said, nice job aigle! As for people preferring Sandboxie, from what I have read it would fail at many of the tests BufferZone passed (please let me know if my readings are incorrect). So if true, I am not sure why people prefer to use a product that is not as safe even though it is free, unless the funds are just not available. In that case I totally understand.

Can anyone perform the same tests with Sandboxie and post the results?

Yes, I hope Aigle will do this, but I have no reason to believe that SBIE can't stop most of these tests. All tests that try to modify the file system and registry will probably be passed. I do know that SBIE does not protect against keyloggers. And if you look at performance, it's also quite easy to install apps in the sandbox. I wonder if BufferZone can do the same?

@ Old Monk, I suppose it might depend on your system configuration. For me it always felt quite heavy. The last time I checked was about 3 months ago, and I think it's unlikely that resource usage has been improved that dramatically.

"Your PC is secure from viruses, spyware and malware while you surf the Internet, download and open files within the virtual BufferZone. Trustware is willing to pay $500 to anyone who can prove otherwise."

Are you sure about this? What does "Limited user... won't help against it [Blackday]" mean? I thought malware executed in an LUA cannot write or delete system files?

I am not worried about my system files. LUA does an excellent job in protecting them and FDISR can restore the C drive. I am worried about malware that targets my other partition (and drives?).